Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Spectre-Variant1_Internals.pdf

srup
December 11, 2019
71

 Spectre-Variant1_Internals.pdf

srup

December 11, 2019
Tweet

Transcript

  1. Spectre Attacks (variant-1) Spectre gadget 2 uint8_t array1[array1_size]; uint8_t array2[];

    // prob if (x < array1_size) y = array2[array1[x] * 4096]; ; r1 = x cmp r1, array1_size jge END load r2, [array1 + r1] shl r2, 12 load r3, [array2 + r2] END: C Asm
  2. Spectre Attacks (variant-1) Execute repeatedly with correct value (r1<arr1_size) 3

    Instruction Cache ... load r3, [array2 + r2] shl r2, 12 load r2, [array1 + r1] jge END cmp_r1, array1_size slow op Commit # r1 = 0 (user_input) slow op cmp r1, array1_size jge END load r2, [array1 + r1] shl r2, 12 load r3, [array2 + r2] END: Reorder Buffer Decode Rename Branch Predictoin ALU Load shl r2, 12 cmp r1, array1_size slow operation load r3, [array2 + r2] load r2, [array1 + r1] Schedule Cache Done Pred Corr array1 + 0 array2 + r2
  3. Spectre Attacks (variant-1) False learning of branch predictor 4 Instruction

    Cache ... load r3, [array2 + r2] shl r2, 12 load r2, [array1 + r1] jge END cmp_r1, array1_size slow op Commit # r1 = 0 (user_input) slow op cmp r1, array1_size jge END load r2, [array1 + r1] shl r2, 12 load r3, [array2 + r2] END: Reorder Buffer Decode Rename Branch Predictoin ALU Load shl r2, 12 cmp r1, array1_size slow operation load r3, [array2 + r2] load r2, [array1 + r1] Schedule Cache Done Pred Corr array1 + 0 array2 + r2 Don't jump with jde
  4. Spectre Attacks (variant-1) Clean the cache state 5 Instruction Cache

    ... load r3, [array2 + r2] shl r2, 12 load r2, [array1 + r1] jge END cmp_r1, array1_size slow op Commit # r1 = 0 (user_input) slow op cmp r1, array1_size jge END load r2, [array1 + r1] shl r2, 12 load r3, [array2 + r2] END: Reorder Buffer Decode Rename Branch Predictoin ALU Load shl r2, 12 cmp r1, array1_size slow operation load r3, [array2 + r2] load r2, [array1 + r1] Schedule Cache Done Pred Corr clflush
  5. Spectre Attacks (variant-1) Execute with invalid value (r1>= array1_size) 6

    Instruction Cache Commit # r1 = x’ (user_input) slow op cmp r1, array1_size jge END load r2, [array1 + r1] shl r2, 12 load r3, [array2 + r2] END: Reorder Buffer Decode Rename Branch Predictoin ALU Load Schedule Cache Done Pred Corr The target value address is [array1 + r1]
  6. Spectre Attacks (variant-1) Wrong speculative execution start 7 Instruction Cache

    ... load r3, [array2 + r2] shl r2, 12 load r2, [array1 + r1] jge END cmp_r1, array1_size slow op Commit # r1 = x’ (user_input) slow op cmp r1, array1_size jge END load r2, [array1 + r1] shl r2, 12 load r3, [array2 + r2] END: Reorder Buffer Decode Rename Branch Predictoin ALU Load shl r2, 12 cmp r1, array1_size slow operation load r3, [array2 + r2] load r2, [array1 + r1] Schedule Cache Done Pred Corr Don't jump with jde
  7. Spectre Attacks (variant-1) Out-of-Order Execution 8 Instruction Cache ... load

    r3, [array2 + r2] shl r2, 12 load r2, [array1 + r1] jge END cmp_r1, array1_size slow op Commit # r1 = 0 (user_input) slow op cmp r1, array1_size jge END load r2, [array1 + r1] shl r2, 12 load r3, [array2 + r2] END: Reorder Buffer Decode Rename Branch Predictoin ALU Load shl r2, 12 cmp r1, array1_size slow operation load r3, [array2 + r2] load r2, [array1 + r1] Schedule Cache Done Pred Corr
  8. Spectre Attacks (variant-1) Out-of-Order Execution 9 Instruction Cache ... load

    r3, [array2 + r2] shl r2, 12 load r2, [array1 + r1] jge END cmp_r1, array1_size slow op Commit # r1 = x’ (user_input) slow op cmp r1, array1_size jge END load r2, [array1 + r1] shl r2, 12 load r3, [array2 + r2] END: Reorder Buffer Decode Rename Branch Predictoin ALU Load shl r2, 12 cmp r1, array1_size slow operation load r3, [array2 + r2] load r2, [array1 + r1] Schedule Cache Done Pred Corr array1 + x’
  9. Spectre Attacks (variant-1) Out-of-Order Execution 10 Instruction Cache ... load

    r3, [array2 + r2] shl r2, 12 load r2, [array1 + r1] jge END cmp_r1, array1_size slow op Commit # r1 = x’ (user_input) slow op cmp r1, array1_size jge END load r2, [array1 + r1] shl r2, 12 load r3, [array2 + r2] END: Reorder Buffer Decode Rename Branch Predictoin ALU Load shl r2, 12 cmp r1, array1_size slow operation load r3, [array2 + r2] load r2, [array1 + r1] Schedule Cache Done Pred Corr array1 + x’
  10. Spectre Attacks (variant-1) Out-of-Order Execution 11 Instruction Cache ... load

    r3, [array2 + r2] shl r2, 12 load r2, [array1 + r1] jge END cmp_r1, array1_size slow op Commit # r1 = x’ (user_input) slow op cmp r1, array1_size jge END load r2, [array1 + r1] shl r2, 12 load r3, [array2 + r2] END: Reorder Buffer Decode Rename Branch Predictoin ALU Load shl r2, 12 cmp r1, array1_size slow operation load r3, [array2 + r2] load r2, [array1 + r1] Schedule Cache Done Pred Corr array1 + x’ array2 + r2
  11. Spectre Attacks (variant-1) Execution of the first instruction of ROB

    is completed 12 Instruction Cache ... load r3, [array2 + r2] shl r2, 12 load r2, [array1 + r1] jge END cmp_r1, array1_size slow op Commit # r1 = x’ (user_input) slow op cmp r1, array1_size jge END load r2, [array1 + r1] shl r2, 12 load r3, [array2 + r2] END: Reorder Buffer Decode Rename Branch Predictoin ALU Load shl r2, 12 cmp r1, array1_size slow operation load r3, [array2 + r2] load r2, [array1 + r1] Schedule Cache Done Pred Corr array1 + x’ array2 + r2
  12. Spectre Attacks (variant-1) Instructions are committed in order 13 Instruction

    Cache ... load r3, [array2 + r2] shl r2, 12 load r2, [array1 + r1] jge END cmp_r1, array1_size Commit # r1 = x’ (user_input) slow op cmp r1, array1_size jge END load r2, [array1 + r1] shl r2, 12 load r3, [array2 + r2] END: Reorder Buffer Decode Rename Branch Predictoin ALU Load shl r2, 12 cmp r1, array1_size slow operation load r3, [array2 + r2] load r2, [array1 + r1] Schedule Cache Done Pred Corr array1 + x’ array2 + r2
  13. Spectre Attacks (variant-1) Instructions are committed in order 14 Instruction

    Cache ... load r3, [array2 + r2] shl r2, 12 load r2, [array1 + r1] jge END Commit # r1 = x’ (user_input) slow op cmp r1, array1_size jge END load r2, [array1 + r1] shl r2, 12 load r3, [array2 + r2] END: Reorder Buffer Decode Rename Branch Predictoin ALU Load shl r2, 12 cmp r1, array1_size slow operation load r3, [array2 + r2] load r2, [array1 + r1] Schedule Cache Done Pred Corr array1 + x’ array2 + r2
  14. Spectre Attacks (variant-1) Detect speculative execution mistakes 15 Instruction Cache

    ... load r3, [array2 + r2] shl r2, 12 load r2, [array1 + r1] jge END Commit # r1 = x’ (user_input) slow op cmp r1, array1_size jge END load r2, [array1 + r1] shl r2, 12 load r3, [array2 + r2] END: Reorder Buffer Decode Rename Branch Predictoin ALU Load shl r2, 12 cmp r1, array1_size slow operation load r3, [array2 + r2] load r2, [array1 + r1] Schedule Cache Done Pred Corr “ (Prediction && !Correct) == 1 “ is speculative execution mistake array1 + x’ array2 + r2
  15. Spectre Attacks (variant-1) Pipeline flush 16 Instruction Cache Commit #

    r1 = x’ (user_input) slow op cmp r1, array1_size jge END load r2, [array1 + r1] shl r2, 12 load r3, [array2 + r2] END: Reorder Buffer Decode Rename Branch Predictoin ALU Load shl r2, 12 cmp r1, array1_size slow operation load r3, [array2 + r2] load r2, [array1 + r1] Schedule Cache Done Pred Corr Pipeline flush and restart array1 + x’ array2 + r2
  16. Spectre Attacks (variant-1) Read value ( [array1 + r1] (=r2)

    ) with Flush+Reload 17 Instruction Cache Commit Reorder Buffer Decode Rename Branch Predictoin ALU Load shl r2, 12 cmp r1, array1_size slow operation load r3, [array2 + r2] load r2, [array1 + r1] Schedule Cache Done Pred Corr Access r2 in order (array2 + 0, 1, 2,…, 0xff) and restore the value of r2 array1 + x’ array2 + r2
  17. Spectre Attacks (variant-1) Read value ( [array1 + r1] (=r2)

    ) with Flush+Reload 18 Instruction Cache Commit Reorder Buffer Decode Rename Branch Predictoin ALU Load shl r2, 12 cmp r1, array1_size slow operation load r3, [array2 + r2] load r2, [array1 + r1] Schedule Cache Done Pred Corr array1 + x’ array2 + r2 array2 + 0 Access to [array2 + 0] is slow
  18. Spectre Attacks (variant-1) Read value ( [array1 + r1] (=r2)

    ) with Flush+Reload 19 Instruction Cache Commit Reorder Buffer Decode Rename Branch Predictoin ALU Load shl r2, 12 cmp r1, array1_size slow operation load r3, [array2 + r2] load r2, [array1 + r1] Schedule Cache Done Pred Corr array1 + x’ array2 + r2 array2 + 1 array2 + 0 Access to [array2 + 1] is slow
  19. Spectre Attacks (variant-1) Read value ( [array1 + r1] (=r2)

    ) with Flush+Reload 20 Instruction Cache Commit Reorder Buffer Decode Rename Branch Predictoin ALU Load shl r2, 12 cmp r1, array1_size slow operation load r3, [array2 + r2] load r2, [array1 + r1] Schedule Cache Done Pred Corr array1 + x’ array2 + 2 array2 + 1 array2 + 0 Access to [array2 + 2] is fast • r2 = 0x2 • [array1+x’] = 0x2
  20. Spectre Attacks (variant-1) Read value ( [array1 + r1] (=r2)

    ) with Flush+Reload 21 Instruction Cache Commit Reorder Buffer Decode Rename Branch Predictoin ALU Load shl r2, 12 cmp r1, array1_size slow operation load r3, [array2 + r2] load r2, [array1 + r1] Schedule Cache Done Pred Corr array1 + x’ array2 + 2 array2 + 1 array2 + 0 Access to [array2 + 2] is fast • r2 = 0x2 • [array1+x’] = 0x2 I was able to read a logically unreadable value ( array1[x’] (x’ >= array1_size) ). In other words, the secret key stored in array1[x’] can be read.